JavaRanch » Java Forums » Products » Tomcat

Security vulnerability in Tomcat

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13037
Reported in this Secunia advisory.

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "Accept-Language" header is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, e.g. via a specially crafted Flash file.

The vulnerability affects the following versions:
* Tomcat 4.0.0 to 4.0.6
* Tomcat 4.1.0 to 4.1.34
* Tomcat 5.0.0 to 5.0.30
* Tomcat 5.5.0 to 5.5.20
* Tomcat 6.0.0 to 6.0.5

Just thought you might find this interesting.
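As an added illustration of the class of bug the advisory describes (this is example code, not Tomcat's own code and not the affected component): a page fragment that echoes the request's Accept-Language header into HTML. renderUnsafe shows the pattern the advisory is warning about, renderEscaped applies output encoding before the value reaches the response, and firstValidLanguage takes the stricter route of echoing only something that matches the shape of a language tag. The class name, method names, and the hostile header value are all constructed for this example; a browser will not send a header like that on its own, which is why the advisory points at a crafted Flash file as the delivery vector.

```java
import java.util.regex.Pattern;

/**
 * Added example, not from Tomcat: three ways of putting the
 * Accept-Language request header into an HTML page.
 */
public class AcceptLanguageEcho {

    // Vulnerable pattern: the raw header value is concatenated into markup,
    // so "<" and ">" in the header become real tags in the response.
    static String renderUnsafe(String acceptLanguage) {
        return "<p>Your preferred language: " + acceptLanguage + "</p>";
    }

    // Minimal HTML text/attribute escaping of the five significant characters.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened pattern: same page, but the header is encoded on output.
    static String renderEscaped(String acceptLanguage) {
        return "<p>Your preferred language: " + escapeHtml(acceptLanguage) + "</p>";
    }

    // Stricter alternative: only echo a value that looks like a language tag
    // (letters, optionally followed by "-" subtags), otherwise use a fallback.
    private static final Pattern LANGUAGE_TAG =
            Pattern.compile("[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*");

    static String firstValidLanguage(String acceptLanguage, String fallback) {
        if (acceptLanguage == null) {
            return fallback;
        }
        for (String part : acceptLanguage.split(",")) {
            // Drop any ";q=..." weight before validating the tag itself.
            String tag = part.split(";", 2)[0].trim();
            if (LANGUAGE_TAG.matcher(tag).matches()) {
                return tag;
            }
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed attacker header for the demonstration (not a real capture).
        String hostile = "en-US,<script>alert(document.cookie)</script>;q=0.9";

        System.out.println(renderUnsafe(hostile));
        // -> the <script> element is delivered to the browser as live markup

        System.out.println(renderEscaped(hostile));
        // -> &lt;script&gt;... is rendered as inert text

        System.out.println(firstValidLanguage(hostile, "en"));
        // -> "en-US": the injected part never matches the tag grammar
    }
}
```

In a JSP the unsafe form is `<%= request.getHeader("Accept-Language") %>`; the equivalent of renderEscaped is `<c:out value="${header['Accept-Language']}"/>`, because JSTL's c:out escapes XML-significant characters by default. Encoding on output is the general fix; validation against the expected grammar is a useful extra layer for a value that should never contain markup in the first place.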

I agree. Here's the link: